Example: Set up the PingAuthorize Policy Editor in OIDC mode (PingFederate)
Use this example as a reference to set up the PingAuthorize Policy Editor for sign-ons using a PingFederate OIDC provider:
$ bin/setup oidc \
--oidcHostname <ping-federate-hostname> \
--oidcPort <ping-federate-port> \
--clientId pingauthorizepolicyeditor \
--generateSelfSignedCertificate \
--decisionPointSharedSecret pingauthorize \
--hostname <pap-hostname> \
--port <pap-port> \
--adminPort <admin-port> \
--licenseKeyFile <path-to-license>
The Policy Editor uses the provided OIDC host name and port to query the PingFederate server's autodiscovery endpoint for the information it needs to make OIDC requests. The provided client ID represents the Policy Editor and must be configured as an OAuth client in PingFederate. The decision point shared secret shown here (pingauthorize) is an example value; use a secret of your own in a real deployment.
The Policy Editor can skip host name verification and accept self-signed TLS certificates from the OIDC provider. Setting PING_OIDC_TLS_VALIDATION to NONE disables both checks, so the Policy Editor no longer authenticates the provider it is talking to; anyone who can intercept traffic between the Policy Editor and PingFederate could then impersonate the provider. Use this setting only in test environments, and prefer trusting the provider's certificate properly in production.
The following example uses the PING_OIDC_TLS_VALIDATION environment variable to set up the Policy Editor to handle sign-ons for a provider using a self-signed certificate:
$ env PING_OIDC_TLS_VALIDATION=NONE bin/setup oidc \
--oidcHostname <ping-federate-hostname> \
--oidcPort <ping-federate-port> \
--clientId pingauthorizepolicyeditor \
--generateSelfSignedCertificate \
--decisionPointSharedSecret pingauthorize \
--hostname <pap-hostname> \
--port <pap-port> \
--adminPort <admin-port> \
--licenseKeyFile <path-to-license>
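Before running bin/setup, it is worth confirming that the autodiscovery endpoint the Policy Editor will query is reachable over a properly validated TLS connection and that it advertises the issuer you expect. The following shell script is an added example, not part of PingAuthorize or PingFederate. It assumes PingFederate serves the standard OpenID Connect Discovery document at /.well-known/openid-configuration under the https origin built from the host and port you will pass as --oidcHostname and --oidcPort, and that the issuer value is that same origin; the embedded JSON document and the pf.example.test host name are constructed sample data.

```shell
#!/bin/sh
# Pre-flight check of the OIDC provider for the Policy Editor (added example).
# Assumption: the discovery document lives at the standard OIDC Discovery path.

# Build the discovery URL from the values you would pass as
# --oidcHostname ($1) and --oidcPort ($2).
oidc_discovery_url() {
  printf 'https://%s:%s/.well-known/openid-configuration\n' "$1" "$2"
}

# Extract a top-level string field ($1) from a discovery JSON document ($2).
# A small sed-based extraction; the discovery document is flat enough for it.
json_field() {
  printf '%s' "$2" |
    sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" |
    head -n 1
}

# Succeed only if the document's issuer ($2) is exactly the expected origin
# ($1). A mismatch means the Policy Editor would be configured against a
# different issuer than the one it was pointed at (wrong host, proxy, or
# misconfigured provider), so setup should not proceed.
check_issuer() {
  issuer=$(json_field issuer "$2")
  [ "$issuer" = "$1" ]
}

# Fetch the document with full TLS validation (no -k / --insecure). If this
# fails with a certificate error, fix trust (for example, make the PingFederate
# certificate or its CA trusted on this host) instead of falling back to
# PING_OIDC_TLS_VALIDATION=NONE outside a lab.
fetch_discovery() {
  curl --fail --silent --show-error "$(oidc_discovery_url "$1" "$2")"
}

# Constructed sample discovery document (not fetched from a real server).
SAMPLE_DISCOVERY='{"issuer":"https://pf.example.test:9031","authorization_endpoint":"https://pf.example.test:9031/as/authorization.oauth2","token_endpoint":"https://pf.example.test:9031/as/token.oauth2","jwks_uri":"https://pf.example.test:9031/pf/JWKS"}'

# Full pre-flight against a live provider: ./preflight.sh <host> <port>
# (only runs when host and port are supplied, so sourcing the file is safe).
preflight() {
  host=$1; port=$2
  doc=$(fetch_discovery "$host" "$port") || return 1
  check_issuer "https://$host:$port" "$doc" || {
    echo "issuer mismatch: got '$(json_field issuer "$doc")'" >&2
    return 1
  }
  echo "authorization_endpoint: $(json_field authorization_endpoint "$doc")"
  echo "token_endpoint:         $(json_field token_endpoint "$doc")"
}

if [ -n "$1" ] && [ -n "$2" ]; then
  preflight "$1" "$2"
fi
```

Run it with the same host and port you intend to give bin/setup. If fetch_discovery succeeds without --insecure, the provider's certificate already chains to a trusted root and you can run setup without PING_OIDC_TLS_VALIDATION=NONE; if the issuer check fails, correct the host name or the PingFederate base URL before continuing.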
For more information about configuring PingFederate, see Configuring an OIDC provider for single sign-on requests from PingAuthorize.